so if i need inside to outside untranslated and outside to inside untranslated + some static mapping il'll do:
PIX1# show running-config nat nat (inside) 0 access-list nat_exemption --> i wanna inside host to communicate untranslated to external host nat (outside) 0 access-list nat_exemption --> i wanna outside world to communicate untranslated to internal host
PIX1# show running-config static static (inside,outside) 184.108.40.206 220.127.116.11 netmask 255.255.255.255 --> i wanna map real ip 18.104.22.168 with 22.214.171.124 static (inside,outside) 126.96.36.199 188.8.131.52 netmask 255.255.255.255 --> i wanna map real ip 184.108.40.206 with 220.127.116.11
PIX1# show running-config access-list access-list all extended permit ip any any access-list nat_exemption extended deny ip host 18.104.22.168 any access-list nat_exemption extended deny ip host 22.214.171.124 any access-list nat_exemption extended permit ip 126.96.36.199 255.255.255.128 any
We don't translate the source from low to high so, there is no need for nat (outside) 0 access-list nat_exemption. Also, nat 0 with an acl applied on the inside will allow traffic to be initiated from the outside. It is bi-directional.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...